| Java servlet technology offers many advantages. -
A servlet can interact with other resources ”file systems, databases, applets, applications written in the Java language or in other languages ”to construct the response that is sent back to the client. When needed, the servlet can save information about the request/response interaction. -
With the servlet approach, the servlet container can grant full access to local facilities, such as databases, and trust that the servlet itself will control the amount and precise nature of access that is effectively afforded to external users. For example, the Java Servlet API provides methods to monitor and verify the origin of all requests . Moreover, the servlet code is not passed to the client, only the results that it produces. If the code is not passed to the client, malicious users cannot save it or disassemble it. This protects proprietary algorithms within the servlet. -
Servlets can be client programs of other services. For example, servlets are often used in distributed application systems and are typically used to invoke EJB components . -
Servlets can be chained . This means that one servlet can call another servlet, thus becoming its client. Several servlets can be called in sequence. -
Servlets can be dynamically called from within HTML pages, using the special HTML <SERVLET> tag. This function is also known as servlet-tag technique . With this technique, a servlet container converts a section of an HTML file into an alternative dynamic portion each time the document is sent to the client's browser. This dynamic portion invokes an appropriate servlet and passes to it the parameters it needs. The HTML document must carry the extension .shtml rather than the usual .html . In addition, the point at which the inclusion should be made is marked with the special <SERVLET> and </SERVLET> tag pair, as shown in Listing 4.2. Listing 4.2. Servlet-Tag Technique <HTML> <HEAD> <TITLE>Simple SHTML Page</TITLE> </HEAD> <BODY> <H1>Simple SHTML Page</H1> <SERVLET Code=Welcome.class> <param firstName=John lastName=Smith> </SERVLET> </BODY> </HTML> -
A servlet service routine is only a thread, not an entire operating system process. That is why a servlet can handle connections with multiple clients, accepting requests and downloading responses back to the multiple clients . This is a more efficient mechanism than using CGI. -
Servlets are portable. They run on a variety of servers and operating systems without needing to be rewritten and recompiled. -
Java servlets must respect the security rules of the Java platform where they run. -
Like all Java programs, servlets can use all the capabilities of the object-oriented Java language. That is, they can be rapidly developed, and their lack of pointers promotes robust applications (unlike C). Also, memory access violations are not possible, so faulty servlets will not crash servers. From a high-level perspective, servlets can perform the same functions as CGI programs. However, there are some important differences. -
CGI applications may be difficult to develop, as technical knowledge is needed to work with parameter passing, and this is not a commonly available skill. They are not portable; a CGI application written for a specific platform will be able to run only in that environment. Each CGI application is part of a specific process that is activated by a client's request and is destroyed after the client has been served. This causes high start-up, memory, and central processing unit (CPU) costs and implies that multiple clients cannot be served by the same process. -
On the other hand, servlets offer all the advantages of Java programs; they are portable and robust applications and are easy to develop. Servlets also allow you to generate dynamic portions of HTML pages embedded in static HTML pages using the <SERVLET> tag. However, the main advantage of servlets over CGI programs is that a servlet is activated by the first client that sends it a request. The servlet then continues running in the background, waiting for further requests. Each request dispatches a thread, not an entire process. Multiple clients may be served simultaneously inside the same process, and typically, the servlet process is destroyed only when the servlet container is shut down. In fact, servlets generally follow what is known as a singleton pattern ; at the appropriate time, the servlet container creates a single instance of a servlet. Once the single instance is created, multiple threads, each handling a single client request and generating a response, use the same common instance of the servlet. Although this may at first seem counterintuitive, it has performance advantages when there are thousands of requests to the servlet every second. Having a single instance of the servlet eliminates the need to create and garbage collect the servlet instances. From a security perspective, it must be noted that -
CGI programs are typically written in C, C++, or Perl. This means that they are subjected to the security limitations of the operating system only. If further security restrictions need to be applied, these must be coded into the program by the CGI programmer. -
In contrast, servlets are written in the Java language and run in a servlet container ”an enhanced Java runtime. Hence, they are subjected to the security restrictions imposed by the java.lang.SecurityManager of the servlet container in which they run. |
